CCB Alert

Warning: Critical path traversal vulnerability in #Wazuh (Open Source XDR & SIEM) CVE-2026-30893 CVSS: 9.9. Exploitation can lead to remote code execution #RCE! #Patch #Patch #Patch github.com/wazuh/wazuh/se…

Warning: #Apple patched a total of 84 vulnerabilities in #macOS, #iOS, #iPadOS, #watchOS, #tvOS & #visionOS. Make sure to update to the latest version to stay secrure! #Patch #Patch #Patch

Warning: The run-gemini-cli GitHub Action is updated to protect against remote code execution #RCE. Now, the commands gemini-cli can run in yolo mode are allowlisted. This is a breaking change. More info: github.com/advisories/GHS… #Patch #Patch #Patch

Warning: Multiple Critical Vulnerabilities in #CPanel. #CVE-2026-29202 CVSS: 8.8. These allow an authenticated user to escalate their privileges and execute arbitrary Perl code as the system user. See our advisory: ccb.belgium.be/advisories/war… #Patch #Patch #Patch

Warning: Critical Sandbox Escape in #vm2. #CVE-2026-26956 CVSS: 9.8. This #0Day allows an attacker to escape the sandbox and execute arbitrary commands on the host! A #PoC is available. More info in our advisory: ccb.belgium.be/advisories/war… #Patch #Patch #Patch

Warning: actively exploited Remote Code Execution #RCE #vulnerability in #PaloAlto #PANOS User-ID Authentication Portal. #CVE-2026-0300 CVSS: 9.3. Read our advisory on ccb.belgium.be/advisories/war…, harden your setup and #Patch #Patch #Patch

Warning: #DirtyFrag, a #Linux #kernel vulnerability affecting most Linux distributions was disclosed: #CVE-2026-43284 and #CVE-2026-43500. Successful exploitation results in Local Privilege Escalation #LPE. Read our advisory at ccb.belgium.be/advisories/war… and #Patch #Patch #Patch

Warning: Critical exposure of sensitive information #vulnerability in #Argo CD delivery tool for #Kubernetes. #CVE-2026-42880 CVSS: 9.6. This could allow an attacker with minimal privileges to extract plain text Kubernetes secrets. #Patch #Patch #Patch

Warning: Two high severity #vulnerabilities in #Cisco Unity Connection. While #CVE-2026-20034 CVSS: 8.8 could lead to arbitrary code execution #RCE, #CVE-2026-20035 CVSS: 7.2 allows a remote attacker to conduct Server-Side Request Forgery #SSRF attacks. #Patch #Patch #Patch

Warning: #0Day Authenticated Remote Code Execution (#RCE) vulnerability in #Ivanti EPMM. CVE-2026-6973 CVSS: 7.2. Limited exploitation observed. #Patch and rotate admin credentials.ccb.belgium.be/advisories/war…

Warning: High-severity flaws in #Apache HTTP Server! #CVE-2026-23918 (CVSS 8.8) is a Double Free bug leading to #RCE. #CVE-2026-24072 (CVSS 8.8) allows local #EoP via mod_rewrite. More info: ccb.belgium.be/advisories/war… #Patch #Patch #Patch

Warning: Critical vulnerabilities discovered in #OpenClaw. #CVE-2026-43566 (CVSS: 9.1). Attackers can escalate untrusted input into higher-trust agent context to via untrusted webhook wake events. More info: github.com/openclaw/openc… #Patch #Patch #Patch

Warning: Critical Privilege Escalation vulnerability discovered in #OpenCTI. #CVE-2026-27960 (CVSS 9.8) allows unauthenticated attackers to query the API as any existing user, including admin. More info: github.com/OpenCTI-Platfo… #Patch #Patch #Patch

Warning: A critical vulnerability in #NodeJS allows attackers to bypass the permission model via Unix Domain Socket connections. #CVE-2026-21636 A #PoC is now available. #Patch #Patch #Patch More info: nodejs.org/en/blog/vulner…

Warning: Critical insecure deserialization vulnerability in #Apache MINA. #CVE-2026-42779 CVSS: 9.8. This bypasses the classname allowlist and can lead to full remote code execution #RCE! A public proof of concept #PoC is available! lists.apache.org/thread/fhlx5k9… #Patch #Patch #Patch

Warning: Critical Prototype Pollution in #n8n. #CVE-2026-42231 & #CVE-2026-42232, CVSS: 9.4. An authenticated attacker can exploit the XML parsers and achieve complete remote code execution #RCE! #Patch #Patch #Patch More info: ccb.belgium.be/advisories/war…

Warning: The “Copy Fail” (#CVE-2026-31431, CVSS 7.8) critical #Linux kernel vulnerability, enabling easy root escalation, is now under active exploitation. Major distributions (incl. Ubuntu, Amazon Linux, ...) are affected. Advisory: ccb.belgium.be/advisories/war… . #Patch #Patch #Patch

Warning: A critical vulnerability in #Ollama. #CVE-2026-7482 CVSS: 9.1. This vulnerability allows unauthenticated remote attackers to leak sensitive server memory via malicious GGUF files, including API keys and concurrent users' conversation data! #Patch #Patch #Patch

Warning: Critical authentication bypass in #MOVEit Automation! #CVE-2026-4670 CVSS: 9.8. Exploitation may lead to unauthorized access, administrative control, and data exposure. Affects 2025.0.x, 2024.1.x, 2024.0.x. ccb.belgium.be/advisories/war… #Patch #Patch #Patch

Warning: Critical #ExifTool stdin argument injection in #Gotenberg. #CVE-2026-40281 CVSS: 10. Metadata value newlines bypass key sanitization, allowing arbitrary argument injection. Upgrade to v8.31.0 immediately. github.com/advisories/GHS… #Patch #Patch #Patch